Transport for London (TfL)

Transport for London (TfL) suffered a **ransomware attack in early September 2024**, resulting in financial losses of **£39 million**. The attack was attributed to the **Scattered Spider hacking group**, with two teenagers (aged 18 and 19) arraigned in court for their involvement. The incident disrupted operations and led to significant recovery costs, including legal, forensic, and system restoration expenses. The trial is scheduled for **June 2025**, highlighting the growing threat of ransomware against critical public infrastructure. The attack underscores the vulnerability of transportation networks to cyber extortion, with broader implications for urban mobility and public trust in digital systems.

Source: https://news.risky.biz/risky-bulletin-russian-bill-would-require-researchers-to-report-bugs-to-the-fsb/

TPRM report: https://www.rankiteo.com/company/transport-for-london

{
  "id": "tra0662706102725",
  "linkid": "transport-for-london",
  "type": "Ransomware",
  "date": "9/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}

{'affected_entities': [{'industry': 'Financial Services (Cryptocurrency)',
                        'location': 'India',
                        'name': 'WazirX',
                        'type': 'Cryptocurrency Exchange'}],
 'attack_vector': 'Unknown (likely exploit of exchange vulnerabilities or '
                  'credential compromise)',
 'customer_advisories': ['Notification of relaunch with zero trading fees'],
 'date_detected': '2023-07',
 'date_publicly_disclosed': '2024-10',
 'date_resolved': '2024-10',
 'description': "India's WazirX cryptocurrency exchange has resumed trading 15 "
                'months after a major security breach in July 2023, where '
                'hackers stole $235 million worth of assets. The exchange '
                'relaunched following a Singapore High Court-approved '
                'restructuring and introduced zero trading fees at launch.',
 'impact': {'brand_reputation_impact': 'High (prolonged downtime and '
                                       'significant financial loss)',
            'downtime': '15 months (trading suspension)',
            'financial_loss': '$235 million (stolen assets)',
            'operational_impact': 'Complete halt of trading operations; '
                                  'restructuring required for relaunch',
            'systems_affected': ['Cryptocurrency Exchange Platform']},
 'initial_access_broker': {'high_value_targets': ['Cryptocurrency wallets']},
 'investigation_status': 'Resolved (exchange relaunched)',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'corrective_actions': ['Restructuring',
                                                   'Security improvements '
                                                   '(details unspecified)']},
 'references': [{'date_accessed': '2024-10', 'source': 'CoinDesk'},
                {'date_accessed': '2024-10-25',
                 'source': 'Risky Business Newsletter'}],
 'regulatory_compliance': {'legal_actions': ['Singapore High Court-approved '
                                             'restructuring']},
 'response': {'communication_strategy': ['Public announcement of relaunch'],
              'containment_measures': ['Suspension of trading operations'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['Relaunch with zero trading fees'],
              'remediation_measures': ['Restructuring under court approval',
                                       'Security enhancements (unspecified)'],
              'third_party_assistance': ['Singapore High Court (restructuring '
                                         'approval)']},
 'title': 'WazirX Cryptocurrency Exchange Resumes Trading After $235M Hack',
 'type': ['Cyber Theft', 'Cryptocurrency Hack']}